On Wed, 19 Apr 2006 10:50:02 -0700
Tony Jones <[email protected]> wrote:
> This patch implements three distinct chunks.
> - list management, for profiles loaded into the system (profile_list) and for
> the set of confined tasks (subdomain_list)
> - the proc/pid/attr interface used by userspace for setprofile (forcing
> a task into a new profile) and changehat (switching a task into one of it's
> defined sub profiles). Access to change_hat is normally via code provided
> in libapparmor. See the overview posting for more information in change hat.
> - capability utility functions (for displaying capability names)
>
>
> Signed-off-by: Tony Jones <[email protected]>
>
> ---
> security/apparmor/capabilities.c | 54 ++++++
> security/apparmor/list.c | 268 +++++++++++++++++++++++++++++++
> security/apparmor/procattr.c | 327 +++++++++++++++++++++++++++++++++++++++
> 3 files changed, 649 insertions(+)
>
> --- /dev/null
> +++ linux-2.6.17-rc1/security/apparmor/capabilities.c
> @@ -0,0 +1,54 @@
> +/*
> + * Copyright (C) 2005 Novell/SUSE
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU General Public License as
> + * published by the Free Software Foundation, version 2 of the
> + * License.
> + *
> + * AppArmor capability definitions
> + */
> +
> +#include "apparmor.h"
> +
> +static const char *cap_names[] = {
> + "chown",
> + "dac_override",
> + "dac_read_search",
> + "fowner",
> + "fsetid",
> + "kill",
> + "setgid",
> + "setuid",
> + "setpcap",
> + "linux_immutable",
> + "net_bind_service",
> + "net_broadcast",
> + "net_admin",
> + "net_raw",
> + "ipc_lock",
> + "ipc_owner",
> + "sys_module",
> + "sys_rawio",
> + "sys_chroot",
> + "sys_ptrace",
> + "sys_pacct",
> + "sys_admin",
> + "sys_boot",
> + "sys_nice",
> + "sys_resource",
> + "sys_time",
> + "sys_tty_config",
> + "mknod",
> + "lease"
> +};
> +
> +const char *capability_to_name(unsigned int cap)
> +{
> + const char *name;
> +
> + name = (cap < (sizeof(cap_names) / sizeof(char *))
> + ? cap_names[cap] : "invalid-capability");
> +
> + return name;
> +}
> --- /dev/null
> +++ linux-2.6.17-rc1/security/apparmor/list.c
> @@ -0,0 +1,268 @@
> +/*
> + * Copyright (C) 1998-2005 Novell/SUSE
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU General Public License as
> + * published by the Free Software Foundation, version 2 of the
> + * License.
> + *
> + * AppArmor Profile List Management
> + */
> +
> +#include <linux/seq_file.h>
> +#include "apparmor.h"
> +#include "inline.h"
> +
> +/* list of all profiles and lock */
> +static LIST_HEAD(profile_list);
> +static rwlock_t profile_lock = RW_LOCK_UNLOCKED;
> +
> +/* list of all subdomains and lock */
> +static LIST_HEAD(subdomain_list);
> +static rwlock_t subdomain_lock = RW_LOCK_UNLOCKED;
This would be a good candidate for RCU.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
